[RESEND RFC] kernel/ksysfs.c: restrict /sys/kernel/notes to root access
From: Guixiong Wei
Date: Sun Feb 18 2024 - 02:35:25 EST
From: Guixiong Wei <weiguixiong@xxxxxxxxxxxxx>
Restrict non-privileged user access to /sys/kernel/notes to
avoid security attack.
The non-privileged users have read access to notes. The notes
expose the load address of startup_xen. This address could be
used to bypass KASLR.
For example, the startup_xen is built at 0xffffffff82465180 and
commit_creds is built at 0xffffffff810ad570 which could read from
the /boot/System.map. And the loaded address of startup_xen is
0xffffffffbc265180 which read from /sys/kernel/notes. So the loaded
address of commit_creds is 0xffffffffbc265180 - (0xffffffff82465180
- 0xffffffff810ad570) = 0xffffffffbaead570.
Signed-off-by: Guixiong Wei <weiguixiong@xxxxxxxxxxxxx>
---
kernel/ksysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
index b1292a57c2a5..09bc0730239b 100644
--- a/kernel/ksysfs.c
+++ b/kernel/ksysfs.c
@@ -199,7 +199,7 @@ static ssize_t notes_read(struct file *filp, struct kobject *kobj,
static struct bin_attribute notes_attr __ro_after_init = {
.attr = {
.name = "notes",
- .mode = S_IRUGO,
+ .mode = S_IRUSR,
},
.read = ¬es_read,
};
--
2.24.3 (Apple Git-128)